1. Field of the Invention
The present invention relates to user authentication systems, and in particular to personal computers and user authentication network servers that work together to machine automate user authentication and log-on to numerous independent and unrelated third-party network websites.
2. Description of the Prior Art
User identification (ID) and passwords have become the standard way the world logs on to secure websites and conducts business. Once the user is authenticated to the satisfaction of the website, the session authorized has a limited time to be completed. After that, the user has to log-on again with at least their password.
Remembering odd user ID's and near cryptic passwords is difficult for everyone. But those, of course are the best ones to have because simple guesses cannot be used successfully by fraudsters. So, the typical Internet and computer users often try to register the same user ID and passwords at most or all of the websites they use. But user ID duplications with other users and ever stricter rules about what constitutes an acceptable password seem to always frustrate those naive attempts to simplify ones life.
A typical user soon has to deal with and remember dozens or more user ID's and the passwords that go with them. Some websites try to bolster the strength of the average user ID and passwords they accept during registration by adding in one more security factor during log-on. For example, a “cookie” can be pushed onto the user computer that helps identify the user as legitimate the next time they log-on. The websites that do this sometimes ask the user if they should “Remember This Computer?”.
William Loesch, et al., describe in United States Patent Application US 2008/0028444, published Jan. 31, 2008, a secure website authentication process that allows a user to gather all their user ID's and passwords together and have their computer automatically supply the corresponding user ID and password needed for a website that is browsed by the user. However, this process requires a secure password store or hardware token be presented by the user so that a vault of the collected user ID's and passwords can be accessed. The user authenticates once to their computer, and the computer authenticates to the many secure websites being browsed. The hardware token described can be in the form of a USB-fob.
What is needed is system that allows a user to automatically log-on to all the secure websites they use with strong authentication mechanisms, and yet be as simple as having to remember and enter only one universal password. What is also needed in order for such a system to be a commercial success is that users should not be required to install any new hardware on their personal computer, nor should anything different be required of the third party websites being visited.